I'm looking to implement the Spamhaus drop list. http://www.spamhaus.org/drop/index.lasso
On their FAQ they have a script that looks like it grabs the lists text file and connects to a given router, and tells you what has changed in the list, and what your router is null routing. I'm not sure if it then removes the null routes if a list entry has been removed. I haven't found much documentation on the net regarding this. In the future it looks like you will be able to peer with them and null route traffic from a private AS, which will be routes from the drop list. Right now though, it looks like you'd have to update an ACL manually for any changes to the list. Or use this script which null routes the traffic (I guess it's not a big deal getting the syn packets, as long as the mail won't send because of the null route). I am not sure if this script updates the null routes automatically, or how to use it, I can't find too much documentation.
Any documentation on this script or another script available. What are your suggestions?
thanks
Is there a competing droplist, that can be compared against Spamhaus's droplist? That seems like an extraordinary claim, so I'm not satisfied with the evidence provided. Is this not the best droplist?
-----Original Message----- From: Dean Anderson [mailto:dean@av8.com] Sent: Monday, June 15, 2009 6:10 PM To: Quinn Mahoney Cc: nanog@nanog.org Subject: Re: spamhaus drop list
I suggest you avoid spamhaus, MAPS, and SORBS. They are really spammers in disguise, using blacklists to harm their competition while presumably letting their own spam through. We know they have used trust of the anti-spam community to list-wash spam-trap addresses.
See http://www.iadl.org/whitehat/whitehat-story.html add the IADL pages on Paul Vixie and MAPS.
You might also look at http://www.av8.net/IETF-watch/People/JohnLevine/index.html Levine, long head of the Anti-spam Research Group, was also unmasked as a spammer.
Fred Baker <fred@cisco.com> is on the ISC Board of Trustees, and is a Vixie supporter.
--Dean
On Mon, 15 Jun 2009, Quinn Mahoney wrote:
-- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000
Is there a competing droplist, that can be compared against Spamhaus's droplist? That seems like an extraordinary claim, so I'm not satisfied with the evidence provided. Is this not the best droplist?
Obviously the Spamhaus DROP list should be evaluated - you should not use such lists unreservedly. That said, the Spamhaus DROP list contains entries that *are* verifiably bad, e.g. the well published Cernel 85.255.112.0/20 prefix.
Regarding the extraordinary claim - consider the possibility that Nanog has its share of kooks.
Steinar Haug, Nethelp consulting, sthaug@nethelp.no
Also I don't like those lists at all http://www.heise.de/ix/nixspam/dnsbl_en/
Heise do print the very important magazines IX, CT and others in Germany. They depend on their emails coming through.
Kind regards Peter
Quinn Mahoney wrote:
Is there a competing droplist, that can be compared against Spamhaus's droplist? That seems like an extraordinary claim, so I'm not satisfied with the evidence provided. Is this not the best droplist?
-----Original Message----- From: Dean Anderson [mailto:dean@av8.com] Sent: Monday, June 15, 2009 6:10 PM To: Quinn Mahoney Cc: nanog@nanog.org Subject: Re: spamhaus drop list
I suggest you avoid spamhaus, MAPS, and SORBS. They are really spammers in disguise, using blacklists to harm their competition while presumably letting their own spam through. We know they have used trust of the anti-spam community to list-wash spam-trap addresses.
See http://www.iadl.org/whitehat/whitehat-story.html add the IADL pages on Paul Vixie and MAPS.
You might also look at http://www.av8.net/IETF-watch/People/JohnLevine/index.html Levine, long head of the Anti-spam Research Group, was also unmasked as a spammer.
Fred Baker <fred@cisco.com> is on the ISC Board of Trustees, and is a Vixie supporter.
--Dean
On Mon, 15 Jun 2009, Quinn Mahoney wrote:
I'm looking to implement the Spamhaus drop list. http://www.spamhaus.org/drop/index.lasso
On their FAQ they have a script that looks like it grabs the lists text file and connects to a given router, and tells you what has changed in the list, and what your router is null routing. I'm not sure if it then removes the null routes if a list entry has been removed. I haven't found much documentation on the net regarding this. In the future it looks like you will be able to peer with them and null route traffic from a private AS, which will be routes from the drop list. Right now though, it looks like you'd have to update an ACL manually for any changes to the list. Or use this script which null routes the traffic (I guess it's not a big deal getting the syn packets, as long as the mail won't send because of the null route). I am not sure if this script updates the null routes automatically, or how to use it, I can't find too much documentation.
Any documentation on this script or another script available. What are your suggestions?
thanks
-- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: peter@peter-dambier.de http://www.peter-dambier.de/ http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ ULA= fd80:4ce1:c66a::/48
On Jun 16, 2009, at 2:00 PM, Quinn Mahoney wrote:
Is there a competing droplist, that can be compared against Spamhaus's droplist? That seems like an extraordinary claim, so I'm not satisfied with the evidence provided. Is this not the best droplist?
Extraordinary claims require extraordinary proof. Mr. Anderson gives little proof at all, and not even close to extraordinary proof, IMHO.
My personal experience is that Spamhaus is a highly respectable organization. They are by no means perfect, but I trust their judgement to a high degree, FWIW. The Spamhaus DNSRBLs are, I believe, the most used on the Internet. This suggests the rest of the Internet has a different opinion than Mr. Anderson.
I have not used MAPS, so I cannot comment on its utility, but I have never heard a single credible claim Mr. Vixie is a spammer, more or less a verifiable one. (Yes, that includes the claim below.) From my personal experience, Mr. Vixie is very much the opposite of a spammer. Mr. Vixie gave the Keynote speech at the NANOG conference yesterday, so I would submit the community at large disagrees with Mr. Anderson's assessment.
SORBS is probably not as highly regarded as Spamhaus, but as with Vixie, not one credible claim has ever been made that Michelle is a spammer, including the below. Again, the opposite is reality, and probably to the same extent as Vixie. (I.e. Some people think they go too far in fighting spam, not in sending it.)
Finally, John Levine is not a spammer either. I'm kinda tired of giving proof, so take my word for it, or not, as you please.
Anyway, just some personal opinions from someone who has had personal interaction with the people involved and used two of the three products mentioned. Not sure this was operational, but I felt the need to step up and defend people after you forwarded the outrageous claims below to the list. (No one on the list saw Mr. Anderson's claims other than you, because you were personally CC'ed.)
End of day, your network, your choice. I think you know mine.
-- TTFN, patrick
-----Original Message----- From: Dean Anderson [mailto:dean@av8.com] Sent: Monday, June 15, 2009 6:10 PM To: Quinn Mahoney Cc: nanog@nanog.org Subject: Re: spamhaus drop list
I suggest you avoid spamhaus, MAPS, and SORBS. They are really spammers in disguise, using blacklists to harm their competition while presumably letting their own spam through. We know they have used trust of the anti-spam community to list-wash spam-trap addresses.
See http://www.iadl.org/whitehat/whitehat-story.html add the IADL pages on Paul Vixie and MAPS.
You might also look at http://www.av8.net/IETF-watch/People/JohnLevine/index.html Levine, long head of the Anti-spam Research Group, was also unmasked as a spammer.
Fred Baker <fred@cisco.com> is on the ISC Board of Trustees, and is a Vixie supporter.
--Dean
On Mon, 15 Jun 2009, Quinn Mahoney wrote:
I'm looking to implement the Spamhaus drop list. http://www.spamhaus.org/drop/index.lasso
On their FAQ they have a script that looks like it grabs the lists text file and connects to a given router, and tells you what has changed in the list, and what your router is null routing. I'm not sure if it then removes the null routes if a list entry has been removed. I haven't found much documentation on the net regarding this. In the future it looks like you will be able to peer with them and null route traffic from a private AS, which will be routes from the drop list. Right now though, it looks like you'd have to update an ACL manually for any changes to the list. Or use this script which null routes the traffic (I guess it's not a big deal getting the syn packets, as long as the mail won't send because of the null route). I am not sure if this script updates the null routes automatically, or how to use it, I can't find too much documentation.
Any documentation on this script or another script available. What are your suggestions?
thanks
-- Av8 Internet Prepared to pay a premium for better service? www.av8.net faster, more reliable, better service 617 344 9000
http://wnagele.com/2007/06/19/spamhouseorg-vs-nicat/
Another problem with spamhaus, they want to earn money. The Pirates Party in Germany is a nonprofit. Nevertheless our mailers use fixed addresses and when you query spamhaus long enough from a fixed address you are put on a blacklist and fed wrong information. Time and again all mails bounced. Every new mail admin went through this cycle :)
Kind regards Peter
Patrick W. Gilmore wrote:
On Jun 16, 2009, at 2:00 PM, Quinn Mahoney wrote:
Is there a competing droplist, that can be compared against Spamhaus's droplist? That seems like an extraordinary claim, so I'm not satisfied with the evidence provided. Is this not the best droplist?
Extraordinary claims require extraordinary proof. Mr. Anderson gives little proof at all, and not even close to extraordinary proof, IMHO.
My personal experience is that Spamhaus is a highly respectable organization. They are by no means perfect, but I trust their judgement to a high degree, FWIW. The Spamhaus DNSRBLs are, I believe, the most used on the Internet. This suggests the rest of the Internet has a different opinion than Mr. Anderson.
I have not used MAPS, so I cannot comment on its utility, but I have never heard a single credible claim Mr. Vixie is a spammer, more or less a verifiable one. (Yes, that includes the claim below.) From my personal experience, Mr. Vixie is very much the opposite of a spammer. Mr. Vixie gave the Keynote speech at the NANOG conference yesterday, so I would submit the community at large disagrees with Mr. Anderson's assessment.
SORBS is probably not as highly regarded as Spamhaus, but as with Vixie, not one credible claim has ever been made that Michelle is a spammer, including the below. Again, the opposite is reality, and probably to the same extent as Vixie. (I.e. Some people think they go too far in fighting spam, not in sending it.)
Finally, John Levine is not a spammer either. I'm kinda tired of giving proof, so take my word for it, or not, as you please.
Anyway, just some personal opinions from someone who has had personal interaction with the people involved and used two of the three products mentioned. Not sure this was operational, but I felt the need to step up and defend people after you forwarded the outrageous claims below to the list. (No one on the list saw Mr. Anderson's claims other than you, because you were personally CC'ed.)
End of day, your network, your choice. I think you know mine.
-- Peter and Karin Dambier Cesidian Root - Radice Cesidiana Rimbacher Strasse 16 D-69509 Moerlenbach-Bonsweiher +49(6209)795-816 (Telekom) +49(6252)750-308 (VoIP: sipgate.de) mail: peter@peter-dambier.de http://www.peter-dambier.de/ http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/ ULA= fd80:4ce1:c66a::/48
On Jun 16, 2009, at 4:43 PM, Peter Dambier wrote:
http://wnagele.com/2007/06/19/spamhouseorg-vs-nicat/
Another problem with spamhaus, they want to earn money. The Pirates Party in Germany is a nonprofit. Nevertheless our mailers use fixed addresses and when you query spamhaus long enough from a fixed address you are put on a blacklist and fed wrong information. Time and again all mails bounced. Every new mail admin went through this cycle :)
I know. Who would expect that when you use a resource, the people who own and pay for that resource might want to be compensated? The least they should do is make these rules clear and prominent on their website so you could know before you use the resource! Oh, wait, they do....
-- TTFN, patrick
Patrick W. Gilmore wrote:
I have not used MAPS, so I cannot comment on its utility, but I have never heard a single credible claim Mr. Vixie is a spammer, more or less a verifiable one. (Yes, that includes the claim below.) From my personal experience, Mr. Vixie is very much the opposite of a spammer. Mr. Vixie gave the Keynote speech at the NANOG conference yesterday, so I would submit the community at large disagrees with Mr. Anderson's assessment.
The former MAPS offerings have been owned by Trend Microsystems since 2005, and I'm fairly certain that Mr. Vixie hasn't been involved in that project since before Trend took over. There's more information at http://www.mail-abuse.com/.
(Full disclosure: I worked for the Mail Abuse Prevention System from 2000-2001.)
-- J.D. Falk Return Path Inc http://www.returnpath.net/
Is there a competing droplist, that can be compared against Spamhaus's droplist?
Not that I've ever seen. Nobody else has the breadth of data that Spamhaus does.
I've been using it for ages and based on zero complaints, it's never blocked anything that any of my users wanted.
R's, John
John Levine wrote:
Not that I've ever seen. Nobody else has the breadth of data that Spamhaus does.
I've been using it for ages and based on zero complaints, it's never blocked anything that any of my users wanted.
R's, John
I have to agree with this...I'm somewhat surprised to see some of the comments here. I've found their service to work well and have never received customer complaints.
On Tue, Jun 16, 2009 at 09:04:50PM -0000, John Levine wrote:
Not that I've ever seen. Nobody else has the breadth of data that Spamhaus does.
I've been using it for ages and based on zero complaints, it's never blocked anything that any of my users wanted.
I strongly concur with John: using the Spamhaus DROP list is incredibly effective not just against spam but against many other forms of abuse. I use a script to update various routers/firewalls/mail systems once a week, and there have been no problems of any kind with it.
---Rsk
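The update cycle asked about at the top of the thread (install null routes for new list entries, withdraw them for delisted ones), as an added example that is not the Spamhaus FAQ script or any poster's script. It assumes the list is a text file of `prefix ; reference` lines where `;` starts a comment, and it prints Cisco-style static routes to Null0; the sample data, the `PROTECTED` safety list and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the assumed DROP text layout; not real list data.
NEW_LIST = """\
; constructed sample
192.0.2.0/24 ; SBL-EXAMPLE-1
198.51.100.0/25 ; SBL-EXAMPLE-2
203.0.113.0/24 ; SBL-EXAMPLE-3
"""

# Constructed state file: only the null routes this job installed earlier,
# so null routes an operator added by hand are never withdrawn by the sync.
INSTALLED = {"192.0.2.0/24", "198.18.0.0/24"}

# Hypothetical safety list: our own address space must never be null-routed.
PROTECTED = ["203.0.113.0/24"]


def parse_drop(text):
    """Return the set of networks listed in a DROP-style text file."""
    nets = set()
    for line in text.splitlines():
        entry = line.split(";", 1)[0].strip()
        if entry:
            # Raises ValueError on a malformed prefix: better to abort the
            # run than to push a half-parsed list to a router.
            nets.add(ipaddress.ip_network(entry))
    return nets


def plan_sync(list_text, installed, protected=()):
    """Return (router commands, skipped prefixes) for one update cycle."""
    wanted = parse_drop(list_text)
    if not wanted:
        # An empty download would otherwise withdraw every installed route.
        raise ValueError("empty list, refusing to sync")
    guard = [ipaddress.ip_network(p) for p in protected]
    # Skip implausibly broad prefixes and anything touching protected space.
    skipped = {n for n in wanted
               if n.prefixlen < 8 or any(n.overlaps(g) for g in guard)}
    wanted -= skipped
    have = {ipaddress.ip_network(p) for p in installed}
    cmds = [f"ip route {n.network_address} {n.netmask} Null0"
            for n in sorted(wanted - have)]
    cmds += [f"no ip route {n.network_address} {n.netmask} Null0"
             for n in sorted(have - wanted)]
    return cmds, [str(n) for n in sorted(skipped)]


if __name__ == "__main__":
    commands, skipped = plan_sync(NEW_LIST, INSTALLED, PROTECTED)
    print("\n".join(commands))
    print("skipped:", skipped)
```

Reviewing the printed commands and the skipped list before they reach a router is the evaluation step Steinar Haug's reply asks for.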
participants (8)
- Bret Clark
- J.D. Falk
- John Levine
- Patrick W. Gilmore
- Peter Dambier
- Quinn Mahoney
- Rich Kulawiec
- sthaug@nethelp.no